MongoDB has issued an urgent warning for admins to patch a high-severity vulnerability (CVE-2025-14847) that allows remote code execution and server control. Immediate upgrades to specific versions are necessary to prevent exploitation by unauthenticated attackers.
Key points
- The vulnerability CVE-2025-14847 affects multiple MongoDB versions and can be exploited easily.
- Attackers can execute arbitrary code without user interaction due to the flaw.
- Admins are advised to upgrade to MongoDB versions 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30 immediately.
- Disabling zlib compression temporarily can mitigate the risk if upgrades cannot be performed immediately.
- The U.S. CISA has previously cataloged MongoDB RCE vulnerabilities as actively exploited threats.